Mailchimp breached, lots of leakage

Security weekly

Hi and welcome to another Security weekly. Where we laugh, we cry and share the latest and greatest in security and tech news.

Did you know? The average person will spend six months of their life waiting for red lights to turn green. Use that wisdom to put the 3 minutes you need for today's newsletter into perspective.

In this week's edition:

  • 🙊 Mailchimp breached, lots of leakage

  • 😠 We need to talk - personal rant

  • 🔥 The quick and dirty

Reading time: 03:17

Mailchimp breached, lots of leakage

Those were the days..

So yeah, Mailchimp got breached. I wasn't sure whether to write about it, but new information got to me. While the Mailchimp breach seemed 'contained' at first, some numbers surfaced and made it a little scarier.

  • 133 Mailchimp accounts were breached - email addresses, address details and audiences (lists of subscribers you can mail).

  • One of the affected accounts is the e-commerce platform WooCommerce, with over 5 million subscribers in their audience.

  • This is the third time this has happened. In 12 months. All due to social engineering. - I like you as a tool Mailchimp, but can we up the budget on user awareness training?

That makes it scary. So should you run off and take your business elsewhere? You could. You're not going to like it, but you could.

There is something to be said about companies that get hacked once. I saw the title of an article by Malwarebytes, and it triggered me.

I got to thinking: "Do companies really ever recover from a hack?" The problem is, once hackers find a way in successfully, they're going to come back. Also there's the major factor of reputation damage. As Mailchimp said themselves:

Either they're going to be doing the best security you've ever seen, from now on, or they'll fade into the background. A has-been.

As you know, I want this newsletter to be accessible for EVERYONE (and their mom). But I feel that I can't get around using some "IT/Cyber security" jargon:

  • Three-letter acronyms like MFA, MSP, MCP, SOC, ...

  • Terms that sound made up: Bluesnarfing, broadcast storm, ...

  • Cool hacker terms like Advanced Persistent Threat, back-to-back perimeter and my personal favorite: Terminal Access Controller Access-Control System Plus (look it up, it exists)

So instead of trying to explain everything in the post itself, I'll be adding a weekly returning "Disable User explains", highlighting one term in a few sentences. Short and sweet, just like my missus.

I'll switch it up a bit, explaining some easy and some harder stuff, to keep it interesting for everyone, adding an example when I can. If you want me to explain anything further, let me know!

Multifactor Authentication

When two or more types of authentication are used to control user access. Example: when you log into your Facebook account, you're asked to provide a 6-digit code sent to you via SMS.

We need to talk - personal rant

People.

I need to rant. I can't hold it anymore. I'm sick of it. It frustrates me.

It seems like I can't go for a quick and quiet scroll anymore. No platform is safe. You name it: Twitter, LinkedIn, 9gag, Insta, ... Whenever I think I made it through, there it is:

"the cloud is just someone else's computer"

Just today, following the major Microsoft 365 outage (see below for details), there it was. A so-called security professional, in plain sight: "The cloud is just someone else's computer." 2010 called, they want their joke back.

People saying this piss me off so much. Not only are you inherently wrong, it worries me that people in IT, and more so IT security, say this. Have you ever seen a Microsoft or Amazon datacenter? Do you still think this, in any way, relates to that thing you use to type that stupid 7-word combination? Really man, go **** yourself.

The quick and dirty

Security like I'm five

Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam. In Security like I'm five I cover a range of security topics. I do all the hard work and explain it to you in a practical manner. Lots of memes too. Good stuff, good stuff. This and Security weekly conveniently delivered to your mailbox a couple of times a week, for free. Pretty sweet deal if you ask me.

So sign up for the newsletter and be enlightened! (don't set the bar too high tho)